CVE-2026-31789

🗓️ 07 Apr 2026 22:00:54Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 60 Views

Heap buffer overflow converting large OCTET STRING to hex in X.509 extensions on thirty two bit platforms; may crash or allow code execution.

Reporter	Title	Published	Views	Family All 121
AlpineLinux	CVE-2026-31789	7 Apr 202622:00	–	alpinelinux
FreeBSD	OpenSSL -- Multiple vulnerabilities	7 Apr 202600:00	–	freebsd
CBLMariner	CVE-2026-31789 affecting package openssl for versions less than 3.3.5-5	7 Apr 202622:21	–	cbl_mariner
Chainguard	CVE-2026-31789 vulnerabilities	19 May 202601:17	–	cgr
Circl	CVE-2026-31789	7 Apr 202623:31	–	circl
CNNVD	OpenSSL 安全漏洞	7 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion	7 Apr 202622:00	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM i is Affected By NULL Pointer Dereference, Use Afer Free, and Out-of-Bounds Write Vulnerabilities in OpenSSL [CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-28387, CVE-2026-31789]	8 Jun 202620:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL	4 May 202622:03	–	ibm
Debian	[SECURITY] [DSA 6201-1] openssl security update	7 Apr 202621:17	–	debian

NVD

Vulners

Node

openssl opensslRange3.0.0–3.0.20

openssl opensslRange3.3.0–3.3.7

openssl opensslRange3.4.0–3.4.5

openssl opensslRange3.5.0–3.5.6

openssl opensslRange3.6.0–3.6.2

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "3.6.2",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.6",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.5",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.3.7",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.20",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9
github	www.github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf
github	www.github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49
openssl-library	www.openssl-library.org/news/secadv/20260407.txt
github	www.github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde
github	www.github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html

12 May 2026 13:17Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.8 - 9.8

EPSS0.00007

SSVC

CWE-787